Mark Stanislav will be presenting “The Hand That Rocks the Cradle: Hacking IoT Baby Monitors”
Every couple of months, the news covers some prankster yelling at an infant or an unsuspecting nanny through a baby monitor by hijacking its RF signal or abusing vendor-default credentials over the web. As the rapid growth of the Internet of Things (IoT) continues, the capabilities of a predator or prankster to abuse baby-monitoring devices is increasing due to the usage of a complex mixture of platforms, protocols, and hardware. With many high-end baby monitoring devices on the market, how is the never-ending expansion of must-have features for parents being weighed against the threats posed by continually increasing attack surface to provide them?
This presentation will discuss security research performed against nine of the most highly-regarded IoT baby monitors on the market today. Details of research methodologies and vulnerability findings will be presented to give attendees insight into what security flaws were found within the intricate combination of mobile applications, protocols, services, and hardware running these devices. Examples of potential remediations for identified flaws will be conveyed to help attendees learn the right way to handle similar situations in their own engineering efforts. Lastly, a custom scoring system will be used to help provide an apples-to-apples view of how each device faired in holistic security versus other assessed devices.
Curious about how well your privacy and safety are being taken care of by IoT vendors? Interested in IoT security research and want to understand what flaws are being found in devices today? Want to spin your own IoT research but need a methodology and tools to get you started? Attend this presentation and become more aware of the risks facing your family and from the technologies powering our lives.
Mark Stanislav is a Senior Security Consultant on the Global Services team at Rapid7. With a career spanning over a decade, Mark has worked within small business, academia, startup, and corporate environments, primarily focused on Linux architecture, information security, and web application development.
Mark has spoken internationally at over 100 events including RSA, DEF CON, SOURCE Boston, Codegate, SecTor, and THOTCON. Mark’s security research and initiatives have been featured by news outlets such as the Wall Street Journal, The Associated Press, CNET, Good Morning America, and Forbes. Mark is the co-founder of the Internet of Things security research initiative, BuildItSecure.ly. He is also the author of a book titled, “Two-Factor Authentication”.
Tuesday, October 13th, at 7 pm
One Energy Plaza`
Jackson, MI 49201
Please use the Francis Street parking deck.